Learning the Format of Binary Programs

2018-04-27  心印印心
  1. Write a source program
; ----------------------------------------------------------------------------------------
; Writes "Hello, World" to the console using only system calls. Runs on 64-bit Linux only.
; To assemble and run:
;
;     nasm -felf64 hello.asm && ld hello.o && ./a.out
; ----------------------------------------------------------------------------------------

          global    _start

          section   .text
_start:   mov       rax, 1                  ; system call for write
          mov       rdi, 1                  ; file handle 1 is stdout
          mov       rsi, message            ; address of string to output
          mov       rdx, 13                 ; number of bytes
          syscall                           ; invoke operating system to do the write
          mov       rax, 60                 ; system call for exit
          xor       rdi, rdi                ; exit code 0
          syscall                           ; invoke operating system to exit

          section   .data
message:  db        "Hello, World", 10      ; note the newline at the end

Examine the header format of the 64-bit ELF file.

; ----------------------------------------------------------------------------------------
; Writes "Hello, World" to the console using only system calls. Runs on 32-bit Linux only.
; To assemble and run:
;
;     nasm -felf hello.asm && ld  -m elf_i386 -s -o  a.out hello.o 
; ----------------------------------------------------------------------------------------

          global    _start

          section   .text
_start:   mov       eax, 1                  ; system call for write
          mov       edi, 1                  ; file handle 1 is stdout
          mov       esi, message            ; address of string to output
          mov       edx, 13                 ; number of bytes
          syscall                           ; invoke operating system to do the write
          mov       eax, 60                 ; system call for exit
          xor       edi, edi                ; exit code 0
          syscall                           ; invoke operating system to exit

          section   .data
message:  db        "Hello, World", 10      ; note the newline at the end

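(This file assembles and links, but running it on x86-64 fails with the error below. The syscall instruction is not valid in 32-bit code on Intel processors; 32-bit Linux programs make system calls with int 0x80 and the i386 system call numbers.)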

fht@ubuntu:~$ ./hello32
Illegal instruction (core dumped)

Examine the header format of the 32-bit ELF file.


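The 32-bit program starts at address 0x08048000, and the 64-bit program at 0x0000000000400000. The entry point where execution actually begins is at offset 0x80 in the 32-bit program and at offset 0xb0 in the 64-bit program.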
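
The start address and entry offset described above can be read straight from the ELF header and its program headers. The Python parser below is an added example, not code from the original post: `parse_elf` and `sample` are hypothetical names, and the two sample images are constructed from the addresses quoted in the text (one PT_LOAD segment mapping file offset 0), not taken from the real binaries.

```python
import struct

PT_LOAD = 1  # loadable segment

def parse_elf(data):
    """Return word size, load base, entry address and entry file offset."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] not in (1, 2) or data[5] != 1:
        raise ValueError("only little-endian ELF32/ELF64 is handled")
    is64 = data[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    # e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum (address-sized fields differ by class)
    fmt = "<HHIQQQIHHH" if is64 else "<HHIIIIIHHH"
    _, _, _, entry, phoff, _, _, _, phentsize, phnum = struct.unpack_from(fmt, data, 16)
    for i in range(phnum):
        off = phoff + i * phentsize
        if is64:  # p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz, ...
            p_type, _, p_offset, p_vaddr, _, p_filesz = struct.unpack_from("<IIQQQQ", data, off)
        else:     # p_type, p_offset, p_vaddr, p_paddr, p_filesz, ...
            p_type, p_offset, p_vaddr, _, p_filesz = struct.unpack_from("<IIIII", data, off)
        if p_type == PT_LOAD and p_vaddr <= entry < p_vaddr + p_filesz:
            return {"bits": 64 if is64 else 32, "base": p_vaddr - p_offset,
                    "entry": entry, "entry_offset": entry - p_vaddr + p_offset}
    raise ValueError("entry point is not inside any PT_LOAD segment")

def sample(is64, base, entry, filesz=0x100):
    """Constructed ELF header plus one PT_LOAD mapping file offset 0 at base."""
    ident = b"\x7fELF" + bytes([2 if is64 else 1, 1, 1]) + bytes(9)
    if is64:
        ehdr = struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, entry, 64, 0, 0, 64, 56, 1, 64, 0, 0)
        phdr = struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0, base, base, filesz, filesz, 0x200000)
    else:
        ehdr = struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, entry, 52, 0, 0, 52, 32, 1, 40, 0, 0)
        phdr = struct.pack("<IIIIIIII", PT_LOAD, 0, base, base, filesz, filesz, 5, 0x1000)
    return ident + ehdr + phdr

if __name__ == "__main__":
    # Addresses are the ones quoted in the text; the images themselves are constructed.
    for img in (sample(False, 0x08048000, 0x08048080), sample(True, 0x400000, 0x4000B0)):
        r = parse_elf(img)
        print(f'{r["bits"]}-bit: base={r["base"]:#x} entry={r["entry"]:#x} '
              f'file offset={r["entry_offset"]:#x}')
```

To inspect a real binary, pass the bytes of the file (for example `open("a.out", "rb").read()`) to `parse_elf`.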
